Category: Botnet

ESET Research: Wauchos now headed for extinction?

As Wauchos was sold on underground forums, there were various monetization schemes. One of them was to use the form grabber plugin to steal passwords for online accounts.

ESET helps law enforcement worldwide to disrupt Gamarue botnet

Throughout its monitoring of the threat, ESET found dozens of C&C servers every month. The bulk of ESET’s research was conducted late last year, with the peak of Wauchos’s activity going back approximately to that time.

ESET takes part in global operation to disrupt Gamarue

Wauchos is an extensible bot that allows its owner to create and use custom plugins. However, there are some plugins that are widely available and that are used by many different botnets.

Google removes 300 Android apps following DDoS attack

Google has been forced to remove almost 300 apps from its Play Store after learning that apps were being hijacked for DDoS attacks.

Avalanche takedown: Check if you are safe

Earlier this week coordinated law enforcement action took down the Avalanche fast-flux network. ESET has been assisting in the cleanup.

News from the Dorkside: Dorkbot botnet disrupted

Law enforcement agencies from around the globe, aided by Microsoft security researchers, today announced the disruption of one of the most widely distributed malware families – Win32/Dorkbot.

Botnets: remote controls for cybercriminals

As promised in our post about the European Cyber Security Month during October, we are publishing about Botnets and Exploits this week. Even though we had the Poodle flaw in the web encryption standard a few days ago, we are using this week to explain what botnets and exploits are and how they work.

Zombie detector: Half-century-old tool may help sniff out botnets, researchers claim

A statistical tool first used in 1966 and currently used in speech and gesture recognition may hold a key to sniffing out botnets – by predicting the likely “next move” of infected PCs and the healthy computers around them, researchers have claimed.

Microsoft’s new crime-fighting super-team strikes blow against million-strong “zombie army”

Only weeks after Microsoft unveiled a global Cybercrime Center armed with new, hi-tech tools to combat crime, it announced it had carried out a global action leading to “significant disruption” of the Sirefef botnet, a network controlling up to two million “zombie” PCs.

The rise of TOR-based botnets

TOR-based botnets are not a new trend and were already being discussed a few years ago at Defcon 18 (“Resilient Botnet Command and Control with Tor”). But in the last year we’ve been able to confirm some interesting facts concerning the use of these ideas in real-world botnets. This topic was already discussed around the beginning

FBI and Microsoft break up $500 million Citadel botnet

Microsoft and the FBI have broken up a large portion of the Citadel botnet – a network which had stolen $500 million from bank accounts in 90 countries around the world by installing keylogger software on five million machines.

Internet Service Providers “failing to protect” against cyber attacks, says EU agency

The European cyber security agency ENISA said Internet Service Providers in the EU have failed to implement a set of best practice recommendations which have been in place for 13 years – which could reduce the scope of even the largest DDoS attacks.

Walking through Win32/Jabberbot.A

Malware authors have a solid track record with regard to creative Command and Control protocols. We’ve seen peer-to-peer protocols, some custom (Sality), some standard (Win32/Storm uses the eDonkey P2P protocol). We’ve seen binary protocols (Win32/Peerfrag, aka Palevo). We’ve seen other custom protocols that leverage other standard protocols such as HTTP (Win32/Georbot), DNS (Morto) and IRC (Win32/AutoRun.IRCBot.AK),

Nitol Botnet: You Will Never Break The Chain

Nitol versus Michelangelo: the supply chain is much more than the production line.

Quervar Induc.C reincarnate?

Win32/Quervar (a.k.a. Dorifel, XDocCrypt) is a virus family that has been in the news recently, especially in the Netherlands. It has been reported to be causing havoc on computers of several notable Dutch institutions. In our analysis, we provide additional technical details about the workings of the virus and compare it to another virus, the

Rakshasa hardware backdooring: the demon that can't be exorcized?

Jonathan Brossard describes an ‘undetectable, unremovable’ attack on firmware through gimmicked hardware or a subsequent malware attack. David Harley isn’t convinced.

Rovnix.D: the code injection story

Detailed analysis of Rovnix.D reveals updates to the code injection technique employed, allowing multiple injections with a variety of payloads.

Rovnix bootkit framework updated

Changes in the threatscape as regards exploitation of 64-bit systems, exemplified by the latest modifications to the Rovnix bootkit.

All Carberp botnet organizers arrested

Carberp is a unique case: all of the people who organized really big botnets and made big profits (millions of US dollars) have been arrested.

Win32/Gataka: a banking Trojan ready to take off?

We have been following the development of the Win32/Gataka banking Trojan for several months and can now share some details of its operation which includes facilitating fraudulent bank transfers. This first post will highlight some of its key features, while the second will detail several interesting, more technical aspects of this malware. This banking Trojan

Copyright © 2018 ESET, All Rights Reserved.